﻿<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Adobe RoboHelp 9" />
<title>Trusting Applications built with .NET API</title>
<link rel="StyleSheet" href="default.css" type="text/css" />
<style type="text/css">
/*<![CDATA[*/
<!--
P { margin-left:0pt;
margin-right:0pt;
font-family:Verdana;
margin-bottom:3pt;
margin-top:18pt; }
H1 { font-weight:bold;
margin-top:14pt;
margin-bottom:14pt;
margin-left:0pt;
margin-right:0pt;
page-break-after:avoid;
font-family:Verdana;
x-next-type:P;
font-size:18pt; }
H2 { font-weight:bold;
margin-top:14pt;
margin-bottom:14pt;
margin-left:0pt;
margin-right:0pt;
page-break-after:avoid;
font-family:Verdana;
x-next-type:P;
font-size:14pt; }
H3 { font-weight:bold;
margin-top:14pt;
margin-bottom:14pt;
margin-left:0pt;
margin-right:0pt;
page-break-after:avoid;
font-family:Verdana;
x-next-type:P;
font-size:12pt; }
-->
/*]]>*/
</style>

<script type="text/javascript" language="JavaScript">
//<![CDATA[
function reDo() {
  if (innerWidth != origWidth || innerHeight != origHeight)
     location.reload();
}
if ((parseInt(navigator.appVersion) == 4) && (navigator.appName == "Netscape")) {
        origWidth = innerWidth;
        origHeight = innerHeight;
        onresize = reDo;
}
onerror = null; 
//]]>
</script>
<style type="text/css">
/*<![CDATA[*/
<!--
div.WebHelpPopupMenu { position:absolute;
left:0px;
top:0px;
z-index:4;
visibility:hidden; }
-->
/*]]>*/
</style>

<script type="text/javascript" language="javascript1.2" src="whmsg.js">
</script>
<script type="text/javascript" language="javascript" src="whver.js">
</script>
<script type="text/javascript" language="javascript1.2" src="whproxy.js">
</script>
<script type="text/javascript" language="javascript1.2" src="whutils.js">
</script>
<script type="text/javascript" language="javascript1.2" src="whlang.js">
</script>
<script type="text/javascript" language="javascript1.2" src="whtopic.js">
</script>
</head>
<body>
<script type="text/javascript" language="javascript1.2">
//<![CDATA[
<!--
if (window.gbWhTopic)
{
        var strUrl = document.location.href;
        var bc = 0;
        var n = strUrl.toLowerCase().indexOf("bc-");
        if(n != -1)
        {
                document.location.href = strUrl.substring(0, n);
                bc = strUrl.substring(n+3);
        }

        if (window.addTocInfo)
        {
        addTocInfo("Securing Applications\nTrusting Applications built with .NET API");
addButton("show",BTN_TEXT,"Show","","","","",0,0,"","","");

        }
        if (window.writeBtnStyle)
                writeBtnStyle();

        if (window.writeIntopicBar)
                writeIntopicBar(1);

        
        document.write("<p style=\"font-family: Arial; font-size: 8pt; font-weight: 400;  font-style:normal; color: rgb(0, 0, 255); text-decoration:none; text-align: right\"> ");
AddMasterBreadcrumbs("index.htm", "font-family: Arial; font-size: 8pt; font-weight: 400;  font-style:normal; color: rgb(0, 0, 255); text-decoration:none; text-align: right", "&gt;", "Home", "welcome.htm");
document.write("<a style=\"font-family: Arial; font-size: 8pt; font-weight: 400;  font-style:normal; color: rgb(0, 0, 255); text-decoration:none; text-align: right\" href=\"overviewsecuringapplications.htm\">Securing Applications<\/a> &gt; Trusting Applications built with .NET API<\/p>");


        if (window.setRelStartPage)
        {
        setRelStartPage("index.htm");

                autoSync(1);
                sendSyncInfo();
                sendAveInfoOut();
        }
}
else
        if (window.gbIE4)
                document.location.reload();

//-->
//]]>
</script><span style="font-weight: bold; font-size: 10pt;"><font size="2" style="font-size:10pt;"><b><a href="http://www.opcfoundation.org" style="color: #0000ff; font-size: 10pt; text-decoration: underline;"><img src="opcfoundation.jpg" alt="opcfoundation.jpg" style="border: none;" width="189" height="61" align="left" border="0" /></a>The Interoperability Standard<br />
for Industrial Automation</b></font></span><br />
&#160;<br />
&#160;
<table cellspacing="0" width="100%" align="center">
<tr>
<td style="vertical-align: top;"><span style="font-size: 8pt;"><font size="1" style="font-size:8pt;"><a href="http://www.opcfoundation.org" target="_blank" style="color: #0000ff; text-decoration: underline;">OPC Foundation Online</a> | <a href="http://www.opcfoundation.org/certification" target="_blank">Certification</a> | <a href="http://www.opcfoundation.org/technology" target="_blank">Technology</a> | <a href="https://www.opcfoundation.org/news" target="_blank">News</a></font></span></td>
<td style="vertical-align: top; text-align: right; font-size: 8pt;"><a href="welcome.htm" style="color: #0000ff; text-decoration: underline;">Home</a> | <a href="getting_started.htm">Getting Started</a></td>
</tr>
</table>
<p style=" border-bottom:Solid 1px #000000; font-weight:bold; text-align:center; border-width:4px;"><span style="font-weight: bold; text-align: center;"><b><span style="font-weight: bold;"><b>Unified Architecture Technology Sample Applications</b></span></b></span></p>
<h1>Trusting Applications built with UA .NET API</h1>
<p>In this tutorial we will only use the applications supplied by the OPC Foundation.</p>
<p>By default, all applications installed by this package trust each other. We will begin our tutorial by isolating one application and removing it from the trust-list. Once we have seen the effects of this, we will add the application back into the trust list.</p>
<h2>Step 1 - Removing an Application from the Trust List</h2>
<p>In this tutorial we will use isolate the <a href="daclientoverview.htm">Data Access Client</a> by removing it from the trust-list, thus preventing it from making a connection to any of the UA Servers installed within this package.</p>
<h3>First: Removing the Application</h3>
<p>Launch the <a href="daserveroverview.htm">DA Server</a> and <a href="daclientoverview.htm">DA Client</a> applications and make sure a connection can be established. Then shutdown the DA Server, leaving the DA Client running.</p>
<ol type="1">
<li>
<p><a href="launching_the_configuration_tool.htm">Launch the Configuration Tool</a> and select any application.</p>
</li>
<li>
<p>Click on the <a href="uaconfig_manage_security.htm">Manage Security</a> tab (if not already selected).</p>
</li>
<li>
<p>Click on the <a href="uaconfig_manage_security.htm#View_Trusted_Certificates">View_Trusted_Certificates</a> button.</p>
</li>
<li>
<p>The "Manage Certificates in Certificate Store" dialog will open:</p>
<ol type="1">
<li>
<p>Select "Quickstart DataAccess Client" in the list and then right-click on it.</p>
</li>
<li>
<p>Choose "Delete" from the context-menu.</p>
</li>
<li>
<p>You will be prompted to verify the request; click the "Yes" button.</p>
</li>
<li>
<p>Click the "Cancel" button to close the dialog.</p>
</li>
</ol>
</li>
</ol>
<h3>Second: Testing the Connection</h3>
<ol type="1">
<li>
<p>Launch the <a href="daserveroverview.htm">DA Server</a> .</p>
</li>
<li>
<p>In the DA Client you will click the "Connect" button (make sure the "Use Security" checkbox is checked).</p>
</li>
<li>
<p>The connection will fail and the following error shown:<br />
<img src="error-badsecurechannelclosed.png" alt="error-badsecurechannelclosed.png" style="border: none;" border="0" /></p>
</li>
</ol>
<p>Note: If you clear the "Use Security" box the connection will succeed.</p>
<h2>Step 2 - Trusting an Application</h2>
<p>There are 2 ways that you can configure trusting an application:</p>
<ol type="1">
<li>
<p>Attempt the connection while expecting it to fail. You then move the certificate from the untrusted store to the trusted store. <span style="font-weight: bold;"><b>Easiest method!</b></span></p>
</li>
<li>
<p>Export the certificate from the first application, and then import into the trust list of the other application.</p>
</li>
</ol>
<p>In this tutorial we will use idea #1 above.</p>
<ol type="1">
<li>
<p><a href="launching_the_configuration_tool.htm">Launch the Configuration Tool</a>, then activate the <a href="uaconfig_manage_security.htm">Manage Security</a> tab, and then click the "Select Certificate to Trust..." button.</p>
</li>
<li>
<p>The "Manage Certificates in Certificate Store" dialog will display a list of certificates in the "MachineDefault" store. We need to change the "Store Path" to show the "RejectedCertificates":<br />
<img src="rejectedcertificatesstore.png" title="RejectedCertificate store" alt="RejectedCertificate store" style="border: none;" border="0" /></p>
</li>
<li>
<p>Within the list you will select "Quickstart Data Access Client" and click the "OK" button.</p>
</li>
<li>
<p>You will see a message that the certificate is now trusted. However, the certificate is also still <span style="font-style: italic;"><i>not trusted</i></span>.</p>
</li>
<li>
<p>Repeat steps 2 and 3 (above) and this time you will select the "Quickstart Data Access Client" by right-clicking on it and choosing "Delete" from the context-menu; you will need to confirm the request.</p>
</li>
<li>
<p>Click the "Cancel" button to close the "Manage Certificates in Certificate Store" dialog.</p>
</li>
<li>
<p>Minimize the Configuration Tool.</p>
</li>
<li>
<p>In the DA Client, check the "Use Security" box and then click the "Connect" button.</p>
</li>
</ol>
<p>The connection between the Client and Server should be established.</p>
<h2>Summary</h2>
<p>In this example we saw how you can remove an application from a trust-list, and how to add it to the trust list. We focussed on the Client only. In the real world you will need to make sure that the Server trusts the Client (as we did here) and also that the Client trust the Server, which you can do by following the same steps as described above.</p>
<h2>Something to Consider...</h2>
<p>The OPC Foundation UA .NET API sample applications are configured to use a shared/common certificate repository. Therefore, when we removed the Data Access Client from the certificate list we also prevented this client from connecting to any Server that is configured to use this repository.</p>
<p>When developing your own applications you may decide to separate trust-lists on a per-application basis.</p>
<h2>See Also</h2>
<ul type="disc">
<li>
<p><a href="trusting_applications_built_from_other_frameworks.htm">Trusting Applications built from other Frameworks</a></p>
</li>
</ul>
<p style=" border-top:Solid 1px #000000; font-size:6pt; text-align:right; border-width:4px;"><span style="font-size: 6pt; text-align: right;"><font size="1" style="font-size:6pt;">Copyright OPC Foundation 1995-2013</font></span></p>
<script type="text/javascript" language="javascript1.2">
//<![CDATA[
<!--
if (window.writeIntopicBar)
        writeIntopicBar(0);


highlightSearch();
//-->
//]]>
</script>
</body>
</html>
